Severity by source
Sources disagree (Medium–Critical). vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Description (CVE.org)
Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Analysis (AI)
Out-of-bounds read in Chrome's Media component on ChromeOS allows an attacker who has already compromised the renderer process to exfiltrate potentially sensitive data from process memory via a crafted HTML page. Affected are all Chrome for ChromeOS releases prior to 149.0.7827.103. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires three concurrent conditions. First, the attacker must already have compromised the renderer process through a separate vulnerability; this is an explicit prerequisite in the CVE description and is what the CVSS AC:H rating reflects. Second, user interaction is required (UI:R): the victim must navigate to or load attacker-controlled content in the browser. Third, the CVE description scopes the affected product to Google Chrome on ChromeOS prior to 149.0.7827.103. Note, however, that SUSE lists fixes for its Chromium packages under Vendor Status, so the same code path may well be present in other Chromium builds; do not assume other platforms are unaffected on the strength of the description alone. … |
| Risk Assessment | The NVD CVSS 3.1 base score of 5.3 (Medium) reflects real constraints: AC:H (high attack complexity) and UI:R (user interaction required) both bound exploitability, and the description states that the attacker must already have compromised the renderer process, making this a second-stage or chained vulnerability rather than a direct entry point. The impact side is confidentiality-only with scope unchanged (S:U/C:H/I:N/A:N), so by itself the bug is a memory-disclosure primitive, not code execution. Chromium rates it High and SUSE rates it Critical; see Severity by source for how those labels relate to the vector. … |
| Exploit Scenario | An attacker who has separately exploited a renderer process vulnerability (for example, a prior JavaScript engine or DOM parsing bug) then serves a crafted HTML page containing specially constructed media content to the already-compromised renderer on a ChromeOS device. The Media component performs an out-of-bounds read while processing the media data, returning memory contents from outside the intended buffer to the attacker-controlled renderer context and potentially exposing credentials, session tokens, or other sensitive in-process data. … |
| Remediation | Update Google Chrome on ChromeOS to version 149.0.7827.103 or later, as confirmed by the vendor's Stable Channel Update advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html. Confirm the installed version in chrome://version after updating rather than relying on the version advertised in the User-Agent string. Users of SUSE's Chromium packages should apply the fixed packages listed under Vendor Status. … |
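Acting on the remediation row means deciding, for each fleet device or reported build, whether it predates 149.0.7827.103. Two things go wrong in practice: comparing version strings lexicographically (so "99.x" sorts above "149.x"), and trusting the version in the User-Agent string, which Chrome has reduced to MAJOR.0.0.0 by default. The following checker is an added example, not tooling from vuln.today or Google; the fixed version is the one stated in the description above, the User-Agent sample is constructed, and the helper names are my own.

```python
"""Decide whether a Chrome/ChromeOS build is older than the fixed version.

Added example; not code from vuln.today or Google. FIXED_VERSION is taken
from the CVE description on this page; sample inputs are constructed.
"""
import re

FIXED_VERSION = "149.0.7827.103"

# Chrome versions are MAJOR.MINOR.BUILD.PATCH: exactly four numeric components.
_VERSION_RE = re.compile(r"^\d+(?:\.\d+){3}$")
_UA_RE = re.compile(r"Chrome/(\d+(?:\.\d+){3})")


def parse_version(version):
    """Turn '149.0.7827.103' into (149, 0, 7827, 103) so tuples compare component-wise."""
    version = version.strip()
    if not _VERSION_RE.match(version):
        raise ValueError(f"not a four-component Chrome version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def is_affected(installed, fixed=FIXED_VERSION):
    """True when the installed build is strictly older than the fixed build."""
    return parse_version(installed) < parse_version(fixed)


def naive_is_affected(installed, fixed=FIXED_VERSION):
    """The common mistake: lexicographic string comparison.

    '99.0.4844.51' < '149.0.7827.103' is False because '9' > '1', so an
    affected build is reported as patched. Kept only to contrast with
    is_affected(); do not use.
    """
    return installed < fixed


def version_from_user_agent(user_agent):
    """Extract the Chrome version advertised in a User-Agent string.

    Returns (version, exact). With User-Agent reduction Chrome sends
    MAJOR.0.0.0 by default, so when the last three components are all zero
    the value cannot decide is_affected(); read chrome://version instead.
    """
    match = _UA_RE.search(user_agent)
    if not match:
        return None, False
    version = match.group(1)
    exact = parse_version(version)[1:] != (0, 0, 0)
    return version, exact


def assess(installed):
    """One-line verdict for a version string, as a fleet report would print it."""
    verdict = "affected, update" if is_affected(installed) else "fixed"
    return f"{installed}: {verdict}"


if __name__ == "__main__":
    # Constructed sample versions, not observed data.
    for v in ("148.0.7700.12", "149.0.7827.102", "149.0.7827.103", "150.0.8001.5"):
        print(assess(v))
    # Constructed reduced User-Agent of the kind Chrome sends by default.
    ua = ("Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36")
    print(version_from_user_agent(ua))  # major only; cannot decide affected/fixed
```

The point of `version_from_user_agent` returning an `exact` flag is that a reduced UA can only tell you the major version; a device reporting `Chrome/149.0.0.0` could be either side of the 149.0.7827.103 boundary, so the check has to fall back to a source that carries the full four components.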
Vendor Status
SUSE (severity: Critical)
| Product | Status |
|---|---|
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
Related identifiers
- EUVD-2026-35269
- GHSA-4m59-9rc7-xwfx